| Reporter | Title | Published | Views | Family All 21 |
|---|---|---|---|---|
| BioTime Directory Traversal / Remote Code Execution Exploit | 1 Apr 202400:00 | – | zdt | |
| CVE-2023-38951 | 3 Aug 202323:15 | – | attackerkb | |
| The vulnerability of the SFTP Secure File Transfer Protocol implementation in the BioTime time management web platform allows a violator to write arbitrary files. | 7 Aug 202300:00 | – | bdu_fstec | |
| CVE-2023-38951 | 5 May 202517:48 | – | circl | |
| ZKTeco BioTime Path Traversal Vulnerability | 3 Aug 202300:00 | – | cnnvd | |
| CVE-2023-38951 | 3 Aug 202300:00 | – | cvelist | |
| EUVD-2023-42711 | 3 Oct 202520:07 | – | euvd | |
| ZKTeco BioTime <= 9.0.1 - Privilege Escalation | 13 Jul 202604:38 | – | nuclei | |
| CVE-2023-38951 | 3 Aug 202323:15 | – | nvd | |
| CVE-2023-38951 | 3 Aug 202323:15 | – | osv |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| host | request body | base/sftpsetting/add/ | Path traversal via Username field in SFTP settings can be abused to manipulate file paths. | CWE-22 |
| port | request body | base/sftpsetting/add/ | Path traversal via Username field in SFTP settings can be abused to manipulate file paths. | CWE-22 |
| is_sftp | request body | base/sftpsetting/add/ | Path traversal via Username field in SFTP settings can be abused to manipulate file paths. | CWE-22 |
| user_name | request body | base/sftpsetting/add/ | Path traversal via Username field in SFTP settings can be abused to manipulate file paths. | CWE-22 |
| user_password | request body | base/sftpsetting/add/ | Path traversal via Username field in SFTP settings can be abused to manipulate file paths. | CWE-22 |
| user_key | request body | base/sftpsetting/add/ | Path traversal via Username field in SFTP settings can be abused to manipulate file paths. | CWE-22 |
| action_name | request body | base/sftpsetting/add/ | Path traversal via Username field in SFTP settings can be abused to manipulate file paths. | CWE-22 |
| csrfmiddlewaretoken | request body | base/sftpsetting/edit/ | Path traversal via Username field in SFTP settings edit can be abused to modify sensitive files; involves lack of input sanitization on SSH key field. | CWE-22 |
| host | request body | base/sftpsetting/edit/ | Path traversal via Username field in SFTP settings edit can be abused to modify sensitive files; involves lack of input sanitization on SSH key field. | CWE-22 |
| port | request body | base/sftpsetting/edit/ | Path traversal via Username field in SFTP settings edit can be abused to modify sensitive files; involves lack of input sanitization on SSH key field. | CWE-22 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation